Yubico Pushes YubiKey for Remote Government Workers

Yubico Pushes YubiKey for Remote Government Workers

Yubico is trying to help government agencies adapt to the unexpected security demands of a remote work environment. The company specifically cited the US government’s Personal Identity Verification (PIV) and Common Access Card (CAC) credentials, which are typically issued through an in-person identification and authentication process.

Unfortunately, the COVID-19 pandemic has forced many agencies to suspend those face-to-face appointments. It also means that government agencies need a new way to ensure strong security if they want to maintain their operational capabilities during the crisis.

That’s where the YubiKey comes into play. The US Office of Management and Budget (OMB) has issued a directive that encourages agencies to issue alternative credentials to employees, and to rely on approved technology solutions to overcome service gaps. The YubiKey is one such solution. The physical security tool has the approval of the federal government, so agencies can issue them to employees who are now working from home.

“Much like the PIV card, FIDO security keys leverage public key cryptography for authentication, which can’t be phished,” said Venable Managing Director of Cybersecurity Jeremy Grant, who also served as a Senior Advisor during the Obama Administration. “Agencies can mail FIDO security keys directly to employees needing strong authentication, and because they work via USB and NFC, they don’t require a specialized reader as PIV cards do.”

Yubico argues that YubiKeys can be particularly valuable for large bureaucratic institutions, which often struggle when faced with a situation that demands a sudden change in procedure. YubiKeys are relatively easy to deploy, so a cumbersome organization can rely on them if it needs to respond to new challenges more quickly.

Yubico has previously noted that there has been an increase in social engineering attacks since the onset of COVID-19. That, in turn, means that anti-phishing measures (and multi-factor authentication) are essential in the current environment.